Melinda Shore <mshore@cisco.com> writes:
> As I said before, the workarounds that are being
> used to help facilitate application traversal of NATs are
> definitely introducing new security problems that wouldn't
> exist if the NAT weren't there. There are other problems
> around robustness and routing. I think this is a bad thing,
> myself.
No doubt it's a bad thing. Very few technical solutions are unalloyed
goods. I think of these sorts of things as sort of the networking
equipment of drug side effects--an undesirable side effect of things
that are otherwise desirable. Now, reasonable people can disagree as
to the relative importance of the good and bad effects, but absent
evidence to the contrary, I generally assume that people are able
to make those choices for themselves.
I'm not sure what you mean by routing above. Are you suggesting there's
some negative externality in that NAT makes the routing infrastructure
more complicated? If so, what is it?
-Ekr
--
[Eric Rescorla ekr@rtfm.com]
http://www.rtfm.com/